5.9

CVE-2020-15526

EPSS 0.13%
Veröffentlicht 09.07.2020 17:15:12
Zuletzt bearbeitet 21.11.2024 05:05:41
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

In Redgate SQL Monitor 7.1.4 through 10.1.6 (inclusive), the scope for disabling some TLS security certificate checks can extend beyond that defined by various options on the Configuration > Notifications pages to disable certificate checking for alert notifications. These TLS security checks are also ignored during monitoring of VMware machines. This would make SQL Monitor vulnerable to potential man-in-the-middle attacks when sending alert notification emails, posting to Slack or posting to webhooks. The vulnerability is fixed in version 10.1.7.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Red-gate ≫ Sql Monitor Version >= 7.1.4 <= 10.1.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.287

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://www.red-gate.com/privacy-and-security/vulnerabilities/2020-07-08-sql-monitor

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-15526

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-15526

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-15526

EUVD